CVE Alert: CVE-2025-21487 – Qualcomm, Inc. – Snapdragon

September 24, 2025

CVE-2025-21487

HIGHNo exploitation known

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.

CVSS v3.1 (8.2)
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor
Qualcomm, Inc.
Product
Snapdragon
Versions
APQ8017 | APQ8064AU | AQT1000 | FastConnect 6200 | FastConnect 6700 | FastConnect 6800 | FastConnect 6900 | FastConnect 7800 | MSM8996AU | QAM8255P | QAM8295P | QAM8620P | QAM8650P | QAM8775P | QAMSRV1H | QAMSRV1M | QCA6310 | QCA6320 | QCA6335 | QCA6391 | QCA6420 | QCA6426 | QCA6430 | QCA6436 | QCA6564 | QCA6564A | QCA6564AU | QCA6574 | QCA6574A | QCA6574AU | QCA6595 | QCA6595AU | QCA6678AQ | QCA6688AQ | QCA6696 | QCA6698AQ | QCA6797AQ | QCM2150 | QCM2290 | QCM4290 | QCM4325 | QCM4490 | QCM5430 | QCM6125 | QCM6490 | QCM8550 | QCN9274 | QCS2290 | QCS410 | QCS4290 | QCS4490 | QCS5430 | QCS610 | QCS6125 | QCS615 | QCS6490 | QCS8300 | QCS8550 | QCS9100 | QMP1000 | Qualcomm 205 Mobile Platform | Qualcomm 215 Mobile Platform | Qualcomm Video Collaboration VC1 Platform | Qualcomm Video Collaboration VC3 Platform | Robotics RB3 Platform | SA4150P | SA4155P | SA6145P | SA6150P | SA6155 | SA6155P | SA7255P | SA7775P | SA8145P | SA8150P | SA8155 | SA8155P | SA8195P | SA8255P | SA8295P | SA8620P | SA8650P | SA8770P | SA8775P | SA9000P | SD 675 | SD 8 Gen1 5G | SD626 | SD660 | SD670 | SD675 | SD730 | SD835 | SD855 | SD865 5G | SD888 | SDM429W | SDX55 | SG4150P | SM4125 | SM4635 | SM6250 | SM6370 | SM6650 | SM7250P | SM7315 | SM7325P | SM7635 | SM7675 | SM7675P | SM8550P | SM8635 | SM8635P | SM8650Q | SM8735 | SM8750 | SM8750P | Smart Display 200 Platform (APQ5053-AA) | Snapdragon 210 Processor | Snapdragon 212 Mobile Platform | Snapdragon 4 Gen 1 Mobile Platform | Snapdragon 4 Gen 2 Mobile Platform | Snapdragon 425 Mobile Platform | Snapdragon 429 Mobile Platform | Snapdragon 439 Mobile Platform | Snapdragon 460 Mobile Platform | Snapdragon 480 5G Mobile Platform | Snapdragon 480+ 5G Mobile Platform (SM4350-AC) | Snapdragon 625 Mobile Platform | Snapdragon 626 Mobile Platform | Snapdragon 630 Mobile Platform | Snapdragon 632 Mobile Platform | Snapdragon 636 Mobile Platform | Snapdragon 660 Mobile Platform | Snapdragon 662 Mobile Platform | Snapdragon 670 Mobile Platform | Snapdragon 675 Mobile Platform | Snapdragon 678 Mobile Platform (SM6150-AC) | Snapdragon 680 4G Mobile Platform | Snapdragon 685 4G Mobile Platform (SM6225-AD) | Snapdragon 690 5G Mobile Platform | Snapdragon 695 5G Mobile Platform | Snapdragon 710 Mobile Platform | Snapdragon 720G Mobile Platform | Snapdragon 730 Mobile Platform (SM7150-AA) | Snapdragon 730G Mobile Platform (SM7150-AB) | Snapdragon 732G Mobile Platform (SM7150-AC) | Snapdragon 750G 5G Mobile Platform | Snapdragon 765 5G Mobile Platform (SM7250-AA) | Snapdragon 765G 5G Mobile Platform (SM7250-AB) | Snapdragon 768G 5G Mobile Platform (SM7250-AC) | Snapdragon 778G 5G Mobile Platform | Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) | Snapdragon 780G 5G Mobile Platform | Snapdragon 782G Mobile Platform (SM7325-AF) | Snapdragon 7c+ Gen 3 Compute | Snapdragon 8 Gen 1 Mobile Platform | Snapdragon 8 Gen 2 Mobile Platform | Snapdragon 8 Gen 3 Mobile Platform | Snapdragon 8+ Gen 1 Mobile Platform | Snapdragon 8+ Gen 2 Mobile Platform | Snapdragon 820 Automotive Platform | Snapdragon 835 Mobile PC Platform | Snapdragon 845 Mobile Platform | Snapdragon 855 Mobile Platform | Snapdragon 855+/860 Mobile Platform (SM8150-AC) | Snapdragon 865 5G Mobile Platform | Snapdragon 865+ 5G Mobile Platform (SM8250-AB) | Snapdragon 870 5G Mobile Platform (SM8250-AC) | Snapdragon 888 5G Mobile Platform | Snapdragon 888+ 5G Mobile Platform (SM8350-AC) | Snapdragon W5+ Gen 1 Wearable Platform | Snapdragon X50 5G Modem-RF System | Snapdragon X55 5G Modem-RF System | Snapdragon XR1 Platform | Snapdragon XR2 5G Platform | Snapdragon XR2+ Gen 1 Platform | SRV1H | SRV1L | SRV1M | SW5100 | SW5100P | SXR1120 | SXR2130 | TalynPlus | Vision Intelligence 100 Platform (APQ8053-AA) | Vision Intelligence 200 Platform (APQ8053-AC) | WCD9326 | WCD9335 | WCD9340 | WCD9341 | WCD9370 | WCD9371 | WCD9375 | WCD9378 | WCD9380 | WCD9385 | WCD9390 | WCD9395 | WCN3610 | WCN3615 | WCN3620 | WCN3660B | WCN3680 | WCN3680B | WCN3910 | WCN3950 | WCN3980 | WCN3988 | WCN3990 | WCN6450 | WCN6650 | WCN6740 | WCN6755 | WCN7750 | WCN7860 | WCN7861 | WCN7880 | WCN7881 | WSA8810 | WSA8815 | WSA8830 | WSA8832 | WSA8835 | WSA8840 | WSA8845 | WSA8845H
CWE
CWE-126, CWE-126 Buffer Over-read
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Published
2025-09-24T15:33:34.551Z
Updated
2025-09-24T15:33:34.551Z

AI Summary Analysis

Risk verdict

High risk of remote information disclosure via RTP payload processing; no user interaction or credentials required.

Why this matters

Exploitation could expose sensitive media or session data across a broad range of devices with network-facing RTP handling. For organisations, the impact includes data leakage, privacy risk, and potential groundwork for follow-on abuse if streams contain credentials or tokens.

Most likely attack path

An attacker remotely reachable over the network can trigger the vulnerability by sending crafted RTP payloads that exceed the decoder’s buffer. With no privileges or UI interaction needed and low attack complexity, successful exploitation risks information disclosure without broader system takeover. Scope is unchanged, but successful disclosure may enable targeted data exfiltration from affected sessions.

Who is most exposed

Devices that perform RTP decoding in the network stack—across mobile, IoT, automotive, and consumer wearables—are at risk. Any deployment exposing RTP-enabled services to attackers (e.g., VoIP/video streams) increases exposure.

Detection ideas

  • Look for memory-disclosure anomalies tied to RTP payload handling (crashes, unusual offsets).
  • Monitor RTP streams for anomalously large or malformed payload lengths.
  • Correlate decoder crashes with network-originating RTP bursts.
  • Inspect crash dumps and stack traces from network drivers for buffer over-read signatures.
  • Identify repeated failures in RTP processing from unauthenticated sources.

Mitigation and prioritisation

  • Apply vendor/firmware updates when released; validate in a lab before broad rollout.
  • Implement network access controls to limit RTP exposure to trusted endpoints.
  • Disable or harden RTP decoding where feasible; segment affected devices from sensitive networks.
  • Prepare change-management plans to deploy updates across affected platforms.
  • If KEV is true or EPSS ≥ 0.5, treat as priority 1. Otherwise monitor vendor advisories and risk.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , , , , ,

You may have missed

Cobalt-Strike

Cobalt Strike Beacon Detected – 8[.]218[.]112[.]112:8081

September 25, 2025
Cobalt-Strike

Cobalt Strike Beacon Detected – 179[.]43[.]139[.]125:443

September 25, 2025
Cobalt-Strike

Cobalt Strike Beacon Detected – 117[.]72[.]69[.]118:8081

September 25, 2025
Cobalt-Strike

Cobalt Strike Beacon Detected – 106[.]75[.]224[.]31:8081

September 25, 2025
Cobalt-Strike

Cobalt Strike Beacon Detected – 124[.]222[.]74[.]146:80

September 25, 2025